# Pull Request Template
## Description
Currently, when a user navigates to a chat and attempts to access the
custom snooze modal, it is not visible, making it unable to set custom
snooze options. With this fix, the custom snooze modal will correctly
display even when a chat is open in mobile view.
**Cause of this issue**
The `<custom-snooze-modal/>` component is added to the `<chat-list/>`
component. To accommodate small screen views, we are using the expanded
view. However, if we open a chat and select the custom snooze option
from the chat header in the message view, the `<custom-snooze-modal/>`
component is hidden in the `<chat-list/>` component.
**Solution**
So, I moved the `<custom-snooze-modal/>` to the wrapper component
`<conversation-view/>` so we can use in all cases like,
1. Right-click to custom snooze
2. CMD bar custom snooze
3. Small screen custom snooze
We previously relied on user roles to determine whether to render
specific routes in our frontend components. A permissions-based model is replacing this approach.
Follow up: #9695
Co-authored-by: Pranav <pranavrajs@gmail.com>
This API change sets the foundation for an upcoming frontend update, transitioning from a role-based model to a permission-based model. This new approach will determine eligibility for various actions and UI elements based on specific permissions rather than roles, enhancing flexibility and security in user access management.
Webpush gem throws errors such as `WebPush::ExpiredSubscription`,
`WebPush::InvalidSubscription`, `WebPush::Unauthorized`. We handled only
ExpiredSubscription.
If the SDK threw any other errors, it would pause sending the
notification to all other devices for that user. This change would
update the logic to remove the expired subscription and handle the rest
of the errors gracefully.
Fixes
https://linear.app/chatwoot/issue/CW-3399/webpushinvalidsubscription-host-fcmgoogleapiscom-nethttpnotfound-404
Bumps [ws](https://github.com/websockets/ws) from 6.2.2 to 6.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/websockets/ws/releases">ws's
releases</a>.</em></p>
<blockquote>
<h2>6.2.3</h2>
<h1>Bug fixes</h1>
<ul>
<li>Backported e55e5106 to the 6.x release line (eeb76d31).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d87f3b6d3a"><code>d87f3b6</code></a>
[dist] 6.2.3</li>
<li><a
href="eeb76d313e"><code>eeb76d3</code></a>
[security] Fix crash when the Upgrade header cannot be read (<a
href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li>
<li>See full diff in <a
href="https://github.com/websockets/ws/compare/6.2.2...6.2.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR adds the following changes
1. Refactor `microsoft/callbacks_controller` to move common logic to
`oauth_callback_controller`, most of the logic is re-used for Google
2. Add UI components, `googleClient` and I18n entries for Google login
3. Add Google callback and inbox creation
4. Add a `joinUrl` utility along with specs (need to move it to utils)
5. Add `GoogleConcern`, `Google::AuthorizationsController` and
`Google::CallbacksController`
> Note: The UI is hidden for now, so we can merge this without any
hiccups, to enable it just revert the commit `05c18de`
### Preview
https://github.com/chatwoot/chatwoot/assets/18097732/1606d150-4561-49dc-838d-e0b00fe49ce3
### Linear Tickers
[CW-3370](https://linear.app/chatwoot/issue/CW-3370)
[CW-3371](https://linear.app/chatwoot/issue/CW-3371)
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
`conversation.assignee_id` was taken into consideration for first
response time calculation. There was one flaw in this approach. A lot of
customer support agents respond to the conversation first before
assigning it to themselves. This makes the analytics broken.
To fix this, we will take the message sender instead of assignee in
calculations, which should solve the issue with metric.
Fixes
https://linear.app/chatwoot/issue/CW-3375/first-response-reporting-events-use-assignee-id-instead-of-agent-who
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br
/>
### Snyk has created this PR to fix 2 vulnerabilities in the rubygems
dependencies of this project.
#### Snyk changed the following file(s):
- `Gemfile`
- `Gemfile.lock`
#### Vulnerabilities that will be fixed with an upgrade:
| | Issue | Score |
:-------------------------:|:-------------------------|:-------------------------
 | Improper Input Validation
<br/>[SNYK-RUBY-ACTIONPACK-7210237](https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-7210237)
| **496**
 | Missing Cryptographic Step
<br/>[SNYK-RUBY-OPENSSL-6036190](https://snyk.io/vuln/SNYK-RUBY-OPENSSL-6036190)
| **479**
---
> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - Max score is 1000. Note that the real score may have changed since
the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a
real user.
---
**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs._
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMDU0MzI0Yy1kZjU0LTQ2OTMtYTY1NC1kY2MyZGRmODU1MTIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYwNTQzMjRjLWRmNTQtNDY5My1hNjU0LWRjYzJkZGY4NTUxMiJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr)
📜 [Customise PR
templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project
settings](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read about Snyk's upgrade
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Improper Input
Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)
[//]: #
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"dotenv-rails","from":"2.8.1","to":"3.0.0"},{"name":"rails","from":"7.0.8.3","to":"7.0.8.4"},{"name":"rspec-rails","from":"6.0.2","to":"6.0.3"},{"name":"web-push","from":"3.0.0","to":"3.0.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No
Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-OPENSSL-6036190","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing
Cryptographic
Step"}],"prId":"f054324c-df54-4693-a654-dcc2ddf85512","prPublicId":"f054324c-df54-4693-a654-dcc2ddf85512","packageManager":"rubygems","priorityScoreList":[496,479],"projectPublicId":"b7197bbd-6200-4f23-931d-c39928584360","projectUrl":"https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"vulns":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
The `add user` utility was updated, and the `--disabled-login` behavior changed in Ubuntu 24.04. This set the login shell to `/sbin/nologin,` which broke the `cwctl` installation flow.
ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625758
Co-authored-by: Vishnu Narayanan <iamwishnu@gmail.com>
This PR upgrades the packages to the latest patch versions, no-breaking
changes. Can be merged once CI clears
Co-authored-by: Pranav <pranav@chatwoot.com>
# Pull Request Template
## Description
fixed getting browser data
In Vue, without computed properties, the data doesn't update, and
because of this, it doesn't display information about the browser.
## Type of change
Please delete options that are not relevant.
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality not to work as expected)
- [ ] This change requires a documentation update
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
Bumps [pug](https://github.com/pugjs/pug) from 3.0.2 to 3.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pugjs/pug/releases">pug's
releases</a>.</em></p>
<blockquote>
<h2>pug-code-gen@3.0.3</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Validate <code>templateName</code> and <code>globals</code> are
valid JavaScript identifiers to prevent possible remote code execution
if un-trusted user input is passed to the compilation options (<a
href="https://redirect.github.com/pugjs/pug/issues/3438">#3438</a>)</li>
</ul>
<h2>pug@3.0.3</h2>
<h2>Bug Fixes</h2>
<ul>
<li>
<p>Update pug-code-gen with the following fix: (<a
href="https://redirect.github.com/pugjs/pug/issues/3438">#3438</a>)</p>
<p>Validate <code>templateName</code> and <code>globals</code> are valid
JavaScript identifiers to prevent possible remote code execution if
un-trusted user input is passed to the compilation options</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32acfe8f19"><code>32acfe8</code></a>
fix: ensure template names are valid identifiers (<a
href="https://redirect.github.com/pugjs/pug/issues/3438">#3438</a>)</li>
<li><a
href="4767cafea0"><code>4767caf</code></a>
refactor: convert pug-error to TypeScript (<a
href="https://redirect.github.com/pugjs/pug/issues/3355">#3355</a>)</li>
<li><a
href="a724446abb"><code>a724446</code></a>
chore: update character-parser (<a
href="https://redirect.github.com/pugjs/pug/issues/3354">#3354</a>)</li>
<li><a
href="6cca8f76be"><code>6cca8f7</code></a>
docs: fix GitHub format in README (<a
href="https://redirect.github.com/pugjs/pug/issues/3335">#3335</a>)</li>
<li>See full diff in <a
href="https://github.com/pugjs/pug/compare/pug@3.0.2...pug@3.0.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
